2 files changed +9
-3
lines changed Original file line number Diff line number Diff line change @@ -64,6 +64,10 @@ def get_all_non_sensitive():
6464 return config
6565
6666
67+ def is_sensitive (key ):
68+ return key in backend .get ('sensitive_fields' )
69+
70+
6771def set_bulk (values : dict ):
6872 for key , value in values .items ():
6973 set (key , value )
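Review bot: `is_sensitive` on new line 68 runs a membership test directly on `backend.get('sensitive_fields')`, so the access decision in the view depends on that lookup always returning a container. The backend is not visible on this page; if the lookup can return None, the call raises TypeError and the view answers with an error instead of a clean allow or deny. Consider `return key in (backend.get('sensitive_fields') or ())`. A one-line docstring such as `"""Return True if key is listed in the backend's sensitive_fields."""` would also help, since this helper now gates who can read a config value.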
Original file line number Diff line number Diff line change 1- from rest_framework .status import HTTP_400_BAD_REQUEST
1+ from rest_framework .status import HTTP_400_BAD_REQUEST , HTTP_403_FORBIDDEN
22from rest_framework .views import APIView
33
44from backend .response import FormattedResponse
@@ -12,10 +12,12 @@ class ConfigView(APIView):
1212
1313 def get (self , request , name = None ):
1414 if name is None :
15- if request .user .is_staff :
15+ if request .user .is_superuser :
1616 return FormattedResponse (config .get_all ())
1717 return FormattedResponse (config .get_all_non_sensitive ())
18- return FormattedResponse (config .get (name ))
18+ if not config .is_sensitive (name ) or request .is_superuser :
19+ return FormattedResponse (config .get (name ))
20+ return FormattedResponse (status = HTTP_403_FORBIDDEN )
1921
2022 def post (self , request , name ):
2123 if "value" not in request .data :
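Review bot: The per-key check on new line 18 reads `request.is_superuser`, while the branch on new line 15 reads `request.user.is_superuser`; the flag lives on the user object, not on the request. Because the `or` only reaches its right-hand side when the key is sensitive, every request for a sensitive key would most likely raise AttributeError, so non-superusers get a server error rather than the 403 and superusers cannot read a sensitive key by name. The line should be `if not config.is_sensitive(name) or request.user.is_superuser:`. A test that requests a sensitive key as a staff user and as a superuser would pin both outcomes. `ConfigView` starts above this hunk and `post` continues below it.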